Infected With Vundo Trojan

Please help, my laptop has been infected with a Vundo Trojan, as found by Norton Anti Virus as well as Vundo Fix. I tried using both programs to remove it but it just comes back every time the comp is rebooted. I constantly get pop-up ads and page redirects. Please help. Here is a copy of a HijackThis log:

Thanks for the quick reply. I did what you requested and changed the name of Hijack, and ran it. Attached is the log file. I also got the VundoFix and attached the log. Vundo I have used before and every time I run it, it keeps finding the same VTSQQ.DLL file like 10 times, then I do a delete and it reboots and comes back with the same issue. As far as spysweeper, it's useless, it has not found anything in weeks. It's version 5.

After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

Once in safe mode, open the VundoFix folder and double-click on KillVundo.bat

You will first be presented with a warning.
It should look like this:

VundoFix V2.15 by Atri
By using VundoFix you agree that you are doing so at your own risk
Press enter to continue....

At this point press enter one time.

Next you will see:

Please Type in the filepath as instructed by the forum staff
and then press enter:

At this point please type the following file path (make sure to enter it exactly as below!):

C:\WINDOWS\system32\vtsqq.dll

Press Enter to continue with the fix.

Next you will see:

Please type in the second filepath as instructed by the forum
staff then press enter:

At this point please type the following file path (make sure to enter it exactly as below!):

C:\WINDOWS\system32\qqstv.*

Press Enter to continue with the fix.

The fix will run, then HijackThis will open. If it does not open automatically, please open it manually.

Don't use the Windows start\search feature.

Using Windows Explorer, find and delete each of the following. If you can't delete an item, right-click it and click properties. Make sure 'read-only' is unchecked. If you still can't delete something, right-click it and rename it to a random word. Then drag the item to a different location. Try deleting it now. If you still can't, be sure to let me know.

Using Windows Explorer, delete the following files/folders in bold (Do not be concerned if they do not exist)

C:\WINDOWS\system32\jmdqmnqt.dll <==file

*******************************************

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders and does not make backups.

Let's empty the temp files:

Run CCleaner.

1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic version instead of the Standard Build.

In the Windows Tab:
• Clean all entries in the "Internet Explorer" section except Cookies.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.

In the Applications Tab:
• Clean all except cookies in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

Ok so I did the Vundo steps, and cleaned out with cleaner. I also ran the Panda online which took forever but I posted the results here. I re-ran the vundo fix and it does not seem to be finding anything. Computer acting better but still sluggish for some reason.

Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.

Make sure that they all have a check next to them and press next.

Click finish and you will be taken back to the main interface.

Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.

Copy and paste the log to this thread.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Notes:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
Disable script blocking if you have Norton Antivirus installed so it will not interfere with the fix.
Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.

Edited by SifuMike, 19 December 2006 - 12:58 PM.

If I've saved you time & money, please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
